From 470798e47b919be331417811ad619c23bf991987 Mon Sep 17 00:00:00 2001
From: Konstantinos Kopanidis <kkopanidis@users.noreply.github.com>
Date: Thu, 11 Jan 2024 16:52:34 +0200
Subject: [PATCH] fix(authentication): facebook and google native login missing
 scopes (#887)

fix(authentication): native login expecting clientId in request params
fix(authentication): native login not using scope conditionally from params
---
 modules/authentication/src/handlers/oauth2/OAuth2.ts       | 7 ++++---
 .../src/handlers/oauth2/facebook/facebook.ts               | 1 +
 .../authentication/src/handlers/oauth2/google/google.ts    | 1 +
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/modules/authentication/src/handlers/oauth2/OAuth2.ts b/modules/authentication/src/handlers/oauth2/OAuth2.ts
index 13eec5100..7055819d5 100644
--- a/modules/authentication/src/handlers/oauth2/OAuth2.ts
+++ b/modules/authentication/src/handlers/oauth2/OAuth2.ts
@@ -176,10 +176,11 @@ export abstract class OAuth2<T, S extends OAuth2Settings>
 
   async authenticate(call: ParsedRouterRequest): Promise<UnparsedRouterResponse> {
     ConduitGrpcSdk.Metrics?.increment('login_requests_total');
+    const scopes = call.request.params?.scopes ?? this.defaultScopes;
     const payload = await this.connectWithProvider({
       accessToken: call.request.params['access_token'],
-      clientId: call.request.params['clientId'],
-      scope: call.request.params?.scope,
+      clientId: this.settings.clientId,
+      scope: scopes,
     });
     const user = await this.createOrUpdateUser(
       payload,
@@ -190,7 +191,7 @@ export abstract class OAuth2<T, S extends OAuth2Settings>
 
     return TokenProvider.getInstance().provideUserTokens({
       user,
-      clientId: call.request.params['clientId'],
+      clientId: this.settings.clientId,
       config,
     });
   }
diff --git a/modules/authentication/src/handlers/oauth2/facebook/facebook.ts b/modules/authentication/src/handlers/oauth2/facebook/facebook.ts
index 3c0346790..e0192f0c6 100644
--- a/modules/authentication/src/handlers/oauth2/facebook/facebook.ts
+++ b/modules/authentication/src/handlers/oauth2/facebook/facebook.ts
@@ -80,6 +80,7 @@ export class FacebookHandlers extends OAuth2<FacebookUser, OAuth2Settings> {
           access_token: ConduitString.Required,
           invitationToken: ConduitString.Optional,
           captchaToken: ConduitString.Optional,
+          scopes: [ConduitString.Optional],
         },
       },
       new ConduitRouteReturnDefinition('FacebookResponse', {
diff --git a/modules/authentication/src/handlers/oauth2/google/google.ts b/modules/authentication/src/handlers/oauth2/google/google.ts
index 6057439f6..8909dce0f 100644
--- a/modules/authentication/src/handlers/oauth2/google/google.ts
+++ b/modules/authentication/src/handlers/oauth2/google/google.ts
@@ -64,6 +64,7 @@ export class GoogleHandlers extends OAuth2<GoogleUser, OAuth2Settings> {
           expires_in: ConduitString.Optional,
           invitationToken: ConduitString.Optional,
           captchaToken: ConduitString.Optional,
+          scopes: [ConduitString.Optional],
         },
       },
       new ConduitRouteReturnDefinition('GoogleResponse', {